# ROPgadget
**Repository Path**: pwn2security/ROPgadget
## Basic Information
- **Project Name**: ROPgadget
- **Description**: Finds the gadgets for building ROP chains in a program; supports multiple architectures
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No
## Statistics
- **Stars**: 0
- **Forks**: 0
- **Created**: 2021-03-07
- **Last Updated**: 2024-10-12
## Categories & Tags
**Categories**: Uncategorized
**Tags**: None
## README
ROPgadget Tool
================
This tool lets you search for gadgets in your binaries to facilitate your ROP exploitation.
ROPgadget supports the ELF/PE/Mach-O formats on the x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS
architectures. Since version 5, ROPgadget has a new core, written in Python, that uses the
Capstone disassembly framework for its gadget search engine. The older version can
be found in the Archives directory, but it is no longer maintained.
Install
-------
If you want to use ROPgadget, you have to install [Capstone](http://www.capstone-engine.org/) first.
To install Capstone on a *nix machine:
$ sudo pip install capstone
Capstone supports multiple platforms (Windows, iOS, Android, Cygwin...). For cross-compilation,
please refer to the https://github.com/aquynh/capstone/blob/master/COMPILE.TXT file.
After Capstone is installed, ROPgadget can be used as a standalone tool:
$ ROPgadget.py
Or installed into the Python site-packages library, and executed from $PATH.
$ python setup.py install
$ ROPgadget
Or installed from PyPI:
$ pip install ropgadget
$ ROPgadget
Usage
-----
usage: ROPgadget.py [-h] [-v] [-c] [--binary ] [--opcode ]
[--string ] [--memstr ] [--depth ]
[--only ] [--filter ] [--range ]
[--badbytes ] [--rawArch ] [--rawMode ]
[--rawEndian ] [--re ] [--offset ]
[--ropchain] [--thumb] [--console] [--norop] [--nojop]
[--callPreceded] [--nosys] [--multibr] [--all] [--noinstr]
[--dump] [--silent] [--align ALIGN]
optional arguments:
-h, --help show this help message and exit
-v, --version Display the ROPgadget's version
-c, --checkUpdate Checks if a new version is available
--binary Specify a binary filename to analyze
--opcode Search opcode in executable segment
--string Search string in readable segment
--memstr Search each byte in all readable segment
--depth Depth for search engine (default 10)
--only Only show specific instructions
--filter Suppress specific mnemonics
--range Search between two addresses (0x...-0x...)
--badbytes Rejects specific bytes in the gadget's address
--rawArch Specify an arch for a raw file
--rawMode Specify a mode for a raw file
--rawEndian Specify an endianness for a raw file
--re Regular expression
--offset Specify an offset for gadget addresses
--ropchain Enable the ROP chain generation
--thumb Use the thumb mode for the search engine (ARM only)
--console Use an interactive console for search engine
--norop Disable ROP search engine
--nojop Disable JOP search engine
--callPreceded Only show gadgets which are call-preceded
--nosys Disable SYS search engine
--multibr Enable multiple branch gadgets
--all Disables the removal of duplicate gadgets
--noinstr Disable the gadget instructions console printing
--dump Outputs the gadget bytes
--silent Disables printing of gadgets during analysis
--align ALIGN Align gadgets addresses (in bytes)
--mipsrop {stackfinder|system|tails|lia0|registers} MIPS useful gadgets finder
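To make the options above concrete, here is a small, added illustration of the search idea behind ROPgadget's core (example code written for this page, not ROPgadget's own): walk backwards from every `ret` up to `--depth` bytes, keep the windows that decode cleanly, then apply `--badbytes`, `--align`, `--multibr` and duplicate removal (the opposite of `--all`). Real ROPgadget disassembles with Capstone; this stand-in decoder knows only `nop`, `pop r64` and `ret` so it runs offline, it counts `depth` in bytes, and it applies filters before deduplication, all of which are simplifications of this example rather than documented behaviour of the tool.

```python
# Toy reimplementation of the gadget search idea behind ROPgadget's core.
# Real ROPgadget disassembles with Capstone; this stand-in decoder knows only
# a few x86-64 one-byte instructions so the example runs offline.
REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]

def decode(code):
    """Decode `code` completely, or return None if any byte is unknown."""
    insns = []
    for b in code:
        if b == 0x90:
            insns.append("nop")
        elif 0x58 <= b <= 0x5F:
            insns.append("pop " + REGS[b - 0x58])
        elif b == 0xC3:
            insns.append("ret")
        else:
            return None
    return insns

def find_gadgets(code, base=0x400000, depth=10, badbytes=b"", align=1,
                 multibr=False, unique=True):
    """Walk back up to `depth` bytes from every ret; keep windows that decode.
    base/depth/badbytes/align/multibr/unique mirror --offset, --depth,
    --badbytes, --align, --multibr and (the inverse of) --all."""
    found = []
    for ret_idx, b in enumerate(code):
        if b != 0xC3:
            continue
        for start in range(ret_idx, max(ret_idx - depth, 0) - 1, -1):
            insns = decode(code[start:ret_idx + 1])
            if insns is None:
                continue  # window is not a clean instruction sequence
            if not multibr and "ret" in insns[:-1]:
                continue  # branch in the middle: only kept with --multibr
            addr = base + start
            if addr % align or any(x in badbytes for x in addr.to_bytes(8, "little")):
                continue
            found.append((addr, " ; ".join(insns)))
    if unique:  # without --all, keep one (lowest) address per gadget text
        lowest = {}
        for addr, text in sorted(found):
            lowest.setdefault(text, addr)
        found = [(addr, text) for text, addr in lowest.items()]
    return sorted(found)

# Constructed sample "text section": nop; pop rdi; ret; pop rax; pop rsi; ret; pop rdi; ret
CODE = bytes([0x90, 0x5F, 0xC3, 0x58, 0x5E, 0xC3, 0x5F, 0xC3])
```

With `depth=3` the sample yields five unique gadgets; passing `badbytes=b"\x01"` drops the copy of `pop rdi ; ret` at 0x400001 and the duplicate at 0x400006 survives instead, which is why the `--badbytes` and `--all` filters interact.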
How can I contribute?
----------------------
- Use Z3 to solve the ROP chain
- Add system gadgets for PPC, Sparc, ARM64 (Gadgets.addSYSGadgets())
- Manage big endian in the Mach-O format like the ELF class does.
- Everything you think is cool :)
Bugs/Patches/Contact
--------------------
Please report bugs, submit pull requests, etc. on GitHub at https://github.com/JonathanSalwan/ROPgadget
The official page is on shell-storm.org at http://shell-storm.org/project/ROPgadget/
License
-------
See COPYING and the license header on all source files. For the files in the dependencies/ directory there are
individual licenses in each folder.